When we mention “computer virus” or “malware”, the first association that usually comes to people’s minds is some sort of dangerous program which can harm their computer or mess up their software and data. Most forms of malware are indeed specialized in performing cyber crimes and in exploiting the victim’s identity and personal data for harmful activities. However, among all computer threats, there is one special category which is unmatched in its maliciousness – Ransomware. The representatives of this category are very complex computer infections which do not cause direct harm to the contaminated machine. Instead, they use encryption on the victim’s personal files as the basis for a further criminal scheme. Ransomware viruses are tools for online blackmail which normally use a special encryption code to render the users’ data inaccessible. They encrypt the most commonly used file types and ask for a ransom to be paid in exchange for their decryption. The hackers who develop such malware ask for a certain amount of money (normally in the form of some cryptocurrency) in exchange for sending a secret decryption key to their victims so that they can restore access to the sealed data.
The current article is dedicated to a recently reported Ransomware named Gandcrab v5.1 which, as per the information that we have, is rapidly spreading around the Internet and attacking random unsuspecting online users. If you have fallen prey to this nasty computer threat, the information that we have prepared below may be something that you would like to read. In the paragraphs that follow, you can learn more about the characteristics of this software as well as about the possible actions you can take to have the infection removed from your system. Our “How to remove” team have done their best to offer you an alternative solution (in the form of a Removal Guide) to the dreadful cryptovirus and its ransom demands. Those of you who want to avoid paying money to the hackers may try out the following guide, although we cannot guarantee its effectiveness in each and every case.
Unfortunately, we need to warn you that following the instructions in the Removal Guide on the current page may not be enough to liberate the encrypted files from the grasp of Gandcrab v5.1. This cryptovirus uses an advanced and very complex encryption algorithm, and the encryption is likely to remain on your files even after the harmful virus has been removed from the computer. Still, deleting the infection is very important for any future file-restoration attempts because, if the Ransomware is still present on the system, it may place its encryption on everything that you manage to recover, including any backup sources or devices that you connect.
Now, as far as the potential data-recovery methods are concerned, you can find several tips within the Guide. They may help you to extract some of your files from system shadow copies. Still, keep in mind that those may not always be able to save all the data, and that’s why the most reliable way to get everything back is to use your own file backups or copies. It is worth checking every possible method, file-recovery tool, external drive, USB or other device which may have the files that you need to recover. The ransom payment should be your very last option, because succumbing to the hackers and their demands is not only a direct act of sponsorship of their blackmailing practice but also does not guarantee the decryption of your data. The cybercriminals who are harassing you are not obligated to send you the needed decryption details. What is more, there is absolutely nothing that could make them do so, which means that if you decide to pay the ransom, you will be risking all of your money without any guarantee that your data will actually be restored.
Avoiding Ransomware cryptoviruses
Ransomware infections are very stealthy by nature. That’s why, if you want to keep such nasty viruses away from your PC, you should try to limit your interaction with every possible transmitter: sketchy software, shady web pages or other questionable content. Malware like Gandcrab v5.1 could be attached to many legitimate-looking transmitters, including Trojan horse infections. That’s why having reliable antivirus software and running regular system scans with it is a must. Another very important protection measure which most web users neglect is creating backups of their most valuable files and placing them on separate devices. External drives, flash memory sticks and cloud services are excellent tools you can use to keep your data copies safe even in case of an attack by a Ransomware virus.
| Danger Level | High (Gandcrab v5.1 Ransomware encrypts all types of files) |
| Symptoms | Very few and unnoticeable ones before the ransom notification comes up. |
| Distribution Method | From fake ads and fake system requests to spam emails and contagious web pages. |
Remove Gandcrab v5.1 Ransomware Virus
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: The Hosts file
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with Notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the virus.
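The hosts-file check from this step can also be scripted. The following PowerShell is an added example, not part of the original guide: the function name Get-HostsOverride and the sample lines are constructed for illustration, and the script only reads the file and lists every active entry other than the default localhost mappings.

```powershell
# Added example: list active hosts-file entries other than the default localhost mappings.
# Get-HostsOverride is a hypothetical helper name; it only reads, it never edits the file.
function Get-HostsOverride {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Drop trailing comments and surrounding whitespace
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # address without a host name: nothing to resolve
        $address = $fields[0]
        # One line may map several names to the same address
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isDefault = ($address -in '127.0.0.1', '::1') -and ($name -eq 'localhost')
            if (-not $isDefault) {
                [pscustomobject]@{ Line = $n; Address = $address; HostName = $name }
            }
        }
    }
}

# Constructed sample (documentation address range and example domains), not from a real infection
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#    127.0.0.1       localhost',
    '127.0.0.1   localhost',
    '203.0.113.10   update.example.com   # name redirected to an unexpected address',
    '0.0.0.0   av-vendor.example'
)
Get-HostsOverride -Lines $sample | Format-Table -AutoSize

# The same check against the real file on this PC
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-HostsOverride -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
```

On a clean default installation the second table is empty; any row it prints is an entry to review, and some rows may be legitimate additions made by other software or by an administrator.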
To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.
If you see any sketchy/shady-looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to Gandcrab v5.1 Ransomware. As for the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
The previous steps were all aimed at removing the Gandcrab v5.1 Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.